e6ddce0246
## Summary Normalize all `python_version` markers to their equivalent `python_full_version` form. This avoids false positives in forking because we currently cannot detect any relationships between the two forms. It also avoids subtle bugs due to the truncating semantics of `python_version`. For example, given `requires-python = ">3.12"`, we currently simplify the marker `python_version <= 3.12` to `false`. However, the version `3.12.1` will be truncated to `3.12` for `python_version` comparisons, and thus it satisfies the python requirement and evaluates to `true`. It is possible to simplify back to `python_version` when writing markers to the lockfile. However, the equivalent `python_full_version` markers are often clearer and easier to simplify, so I lean towards leaving them as `python_full_version`. There are *a lot* of snapshot updates from this change. I'd like more eyes on the transformation logic in `python_version_to_full_version` to ensure that they are all correct. Resolves https://github.com/astral-sh/uv/issues/6125. |
||
|---|---|---|
| .. | ||
| src | ||
| Cargo.lock | ||
| Cargo.toml | ||
| License-Apache | ||
| License-BSD | ||
| Readme.md | ||
Dependency specifiers (PEP 508) in Rust
A library for python dependency specifiers, better known as PEP 508.
Usage
In Rust
use std::str::FromStr;
use pep508_rs::Requirement;
let marker = r#"requests [security,tests] >= 2.8.1, == 2.8.* ; python_version > "3.8""#;
let dependency_specification = Requirement::from_str(marker).unwrap();
assert_eq!(dependency_specification.name, "requests");
assert_eq!(dependency_specification.extras, Some(vec!["security".to_string(), "tests".to_string()]));
In Python
from pep508_rs import Requirement
requests = Requirement(
'requests [security,tests] >= 2.8.1, == 2.8.* ; python_version > "3.8"'
)
assert requests.name == "requests"
assert requests.extras == ["security", "tests"]
assert [str(i) for i in requests.version_or_url] == [">= 2.8.1", "== 2.8.*"]
Python bindings are built with maturin, but you can also use the
normal pip install .
Version and VersionSpecifier from pep440_rs are
reexported to avoid type mismatches.
Markers
Markers allow you to install dependencies only in specific environments (python version, operating
system, architecture, etc.) or when a specific feature is activated. E.g. you can say
importlib-metadata ; python_version < "3.8" or itsdangerous (>=1.1.0) ; extra == 'security'.
Unfortunately, the marker grammar has some oversights (e.g.
https://github.com/pypa/packaging.python.org/pull/1181) and the design of comparisons (PEP 440
comparisons with lexicographic fallback) leads to confusing outcomes. This implementation tries to
carefully validate everything and emit warnings whenever bogus comparisons with unintended semantics
are made.
In python, warnings are by default sent to the normal python logging infrastructure:
from pep508_rs import Requirement, MarkerEnvironment
env = MarkerEnvironment.current()
assert not Requirement("numpy; extra == 'science'").evaluate_markers(env, [])
assert Requirement("numpy; extra == 'science'").evaluate_markers(env, ["science"])
assert not Requirement(
"numpy; extra == 'science' and extra == 'arrays'"
).evaluate_markers(env, ["science"])
assert Requirement(
"numpy; extra == 'science' or extra == 'arrays'"
).evaluate_markers(env, ["science"])
from pep508_rs import Requirement, MarkerEnvironment
env = MarkerEnvironment.current()
Requirement("numpy; python_version >= '3.9.'").evaluate_markers(env, [])
# This will log:
# "Expected PEP 440 version to compare with python_version, found '3.9.', "
# "evaluating to false: Version `3.9.` doesn't match PEP 440 rules"